package org.example.security.auth.config;

import org.example.security.auth.config.authorize.AuthorizationServerConfigUsePassword;
import org.example.security.sso.common.DefaultExceptionHandler;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import javax.annotation.Resource;

@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
@EnableWebSecurity
@Configuration
@Import(DefaultExceptionHandler.class)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Resource
    private UserDetailsService userDetailsService;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder builder) throws Exception {
        builder.userDetailsService(userDetailsService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/").permitAll();
        http.sessionManagement()
                // 指定失效session跳转的地址，一般指定为登陆页面，这里用的是默认的地址/login
                // 注意：如果指定了该参数，登陆成功后，不能再跳到登陆前的地址，而是跳转到/
                // .invalidSessionUrl("/login")
                // session失效时的处理策略，invalidSessionUrl配了才生效，默认实现跳转到登陆页面 SimpleRedirectInvalidSessionStrategy
                // .invalidSessionStrategy(new SimpleRedirectInvalidSessionStrategy("/login"))

                // 一个帐号最多可以存在多少个session
                .maximumSessions(1)
                // 一个帐号的session数量超过允许的最大数量，是否拒绝登陆
                // .maxSessionsPreventsLogin(true)

                // session过期后跳转的地址，一般指定为登陆页面，这里用的是默认的地址/login
                // .expiredUrl("/login")
                // session过期时的处理策略，expiredUrl配了才生效，默认实现SimpleRedirectSessionInformationExpiredStrategy
                // .expiredSessionStrategy(new SimpleRedirectSessionInformationExpiredStrategy("/login"))
        ;
        super.configure(http);
    }

    /**
     * 密码模式需要流入AuthenticationManager对象
     * {@link AuthorizationServerConfigUsePassword#configure(org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer)}
     * 注意：bean名称不能是authenticationManager，会报栈溢出错误
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
